cyber security
Grafana Zero-Day Vulnerability Allows Attackers to Redirect Users to Malicious Sites
The High-severity cross-site scripting (XSS) vulnerability has been discovered in Grafana, prompting the immediate release of security patches across all supported versions.
The vulnerability (CVE-2025-4123)...
cyber security
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets.
This flaw, identified as CVE-2023-5517, could...
cyber security
New Process Injection Technique Evades EDR by Injecting Malicious Code into Windows Processes
Researchers revealed this method exploits shared memory regions and thread context manipulation to execute malicious payloads without triggering standard detection heuristics.
Novel process injection technique...
Browser
Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security
A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content Progressive Web App (PWA)...
API
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency.
Dubbed a “Docker...
Cyber Attack
Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees
ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll fraud against a manufacturing sector customer.
This deceptive strategy involves...
cyber security
PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram
A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some reports), has surfaced as a significant cyber threat, targeting sensitive...
cyber security
71 Fake Websites Impersonating German Retailer to Steal Payment Information
Recorded Future Payment Fraud Intelligence has uncovered a sprawling network of 71 fraudulent e-commerce domains designed to impersonate a prominent German international discount retailer,...